Security
You can control some aspects of security directly via your Cockpit under the Content Delivery tab. This includes blocking IPs and viewing WAF information.
Block IPs
If you spot a malicious IP or need to block IPs for whatever reason, you can block them directly from the Cockpit.
This is only applicable if you are using Fastly as your CDN. Otherwise, you can block IPs using an ingress.
Instructions
You can block a single IP by entering it manually, or a list of IPs by importing a CSV file.
- Go to Content delivery > Block IP.
- Select the desired Cluster Id from the dropdown list.
- Choose to block a single IP or import a list to block:
  - Single IP:
    - Click Block IP.
    - Enter the CIDR[1]. The appropriate bit prefix (/32 for IPv4 or /128 for IPv6) is appended automatically.
    - Add a comment.
    - Click Block IP.
    (Figure: IPv6 example)
  - CSV import:
    - Click Block IP (CSV).
    - Select the file you wish to upload.
    - Click Block IP (CSV).
    See an example format and CSV file below these instructions.

CSV entry format
CIDR[1],Comment

Example CSV file:
```csv
192.169.0.0/16,local network range
23.45.67.111/32,
2002::1234:abcd:ffff:c0a8:101/64
192.169.0.1/12,"commas, in, a, comment, example"   (1)
```
(1) Comments are optional. However, if you use them and there are commas in your comment, be sure to wrap the comment in double quotation marks. Otherwise, it may be read as a separate entry in the CSV file.
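The following script is an added example, not part of the Magnolia documentation or of the Cockpit itself. It checks a block-list CSV offline before you upload it: it parses the CIDR,Comment format shown above (including double-quoted comments that contain commas), rejects rows that are not valid addresses or that split into extra fields because of an unquoted comma, and gives a bare address the same /32 or /128 prefix the Cockpit appends for a single IP. The sample input is constructed from the example CSV above plus two deliberately bad rows. One assumption is the script's own: it treats a prefix whose host bits are set (such as 192.169.0.1/12) as covering the whole containing network and flags it for review, because blocking a /12 is a much bigger decision than blocking one host.

```python
"""Validate a Cockpit block-IP CSV before uploading it (added example)."""
import csv
import io
import ipaddress

# Constructed sample: the four rows from the example CSV above plus two
# deliberately bad rows (an invalid address and an unquoted comma).
SAMPLE_CSV = """192.169.0.0/16,local network range
23.45.67.111/32,
2002::1234:abcd:ffff:c0a8:101/64
192.169.0.1/12,"commas, in, a, comment, example"
not-an-ip,typo
10.0.0.0/8,a comment, with a comma
"""


def normalize_single_ip(value):
    """Return a bare address as a single-host CIDR (/32 IPv4, /128 IPv6).

    Mirrors the prefix the Cockpit appends automatically for a single IP.
    Raises ValueError for anything that is not an IP address.
    """
    addr = ipaddress.ip_address(value.strip())
    return f"{addr}/{addr.max_prefixlen}"


def parse_block_list(text):
    """Parse block-list CSV text into validated entries and problems.

    Returns {"entries": [...], "problems": [...]}. Each entry records the
    CIDR as written, the network actually covered once host bits are masked
    (assumption: the service masks rather than rejects such rows), the
    comment, and whether host bits were set. Each problem is a
    (line number, message) pair for a row to fix before uploading.
    """
    entries, problems = [], []
    reader = csv.reader(io.StringIO(text))
    for fields in reader:
        line = reader.line_num
        if not fields or not fields[0].strip():
            continue  # blank line
        if len(fields) > 2:
            # An unquoted comma in the comment splits the row into extra
            # fields; this is what the note about double quotes warns of.
            problems.append((line, "comment contains an unquoted comma; "
                                   "wrap it in double quotes"))
            continue
        cidr = fields[0].strip()
        comment = fields[1].strip() if len(fields) == 2 else ""
        try:
            # ip_interface accepts both a bare address and address/prefix.
            iface = ipaddress.ip_interface(cidr)
        except ValueError as exc:
            problems.append((line, f"invalid CIDR {cidr!r}: {exc}"))
            continue
        entries.append({
            "line": line,
            "cidr": cidr,
            "network": str(iface.network),
            "comment": comment,
            # Host bits set: the prefix covers a different (usually much
            # larger) range than the literal address suggests.
            "host_bits_set": iface.ip != iface.network.network_address,
        })
    return {"entries": entries, "problems": problems}


if __name__ == "__main__":
    result = parse_block_list(SAMPLE_CSV)
    for e in result["entries"]:
        flag = (f" (host bits set; blocks {e['network']})"
                if e["host_bits_set"] else "")
        print(f"line {e['line']}: {e['cidr']} {e['comment']!r}{flag}")
    for line, msg in result["problems"]:
        print(f"line {line}: PROBLEM {msg}")
```

Run it on your own file with `parse_block_list(open("blocklist.csv").read())`; upload only when the problems list is empty and every host-bits warning has been checked against the range you actually meant to block.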
Webapp firewall
Web Application Firewalls, or WAFs, protect web applications from common attacks such as cross-site scripting (XSS) and SQL injection. Essentially, they act as a wall or shield between your web application and the internet. If you use your own CDN for your project, you’ll likely have your own WAF.
If you choose to go with the default CDN for Magnolia PaaS, you’ll be protected with the Fastly WAF.
The Fastly WAF inspects the web traffic at the HTTP application layer by looking at all HTTP and HTTPS requests (both header and body included). This can be configured specifically for your deployment.
View WAF information
To view passed, logged, and blocked requests for your WAF:
-
Go to Content delivery > WAF.
-
Select the desired Cluster Id from the dropdown list.
-
Select the desired Domain Name from the dropdown list.
-
Select the Range for the statistics.
See the WAF graphs below for more details on each metric.
WAF graphs
You can view information on the Traffic as well as the Origin of requests in the Cockpit. You can also see which attacks occur most often in the Blocked tab and the top IPs in the IP tab.
Traffic
Under the Traffic tab, you can view the following:
Metric | Description and Visual
---|---
Total requests | Displays the total requests to the WAF in the specified time period.
Total blocked requests | Displays the total blocked requests to the WAF in the specified time period.
Total requests per WAF status | Displays the total requests broken down by WAF status.
Total requests per WAF status over time | Displays the total requests broken down by WAF status over the specified time period.
Origin
Under the Origin tab, you can view the following:
Metric | Description and Visual
---|---
Blocked requests per zone | Displays (as a map) the blocked requests per geographic zone.
Blocked
Under the Blocked tab, you can view the following:
Metric | Description
---|---
Attacks per type | Shows the attacks per type for the selected cluster, domain, and time period.
Attacks per rule | Shows the attacks per rule for the selected cluster, domain, and time period.
Attacks per path | Shows the attacks per path for the selected cluster, domain, and time period.